Securing data through encryption/decryption methods, especially, when transmitting it over insecure channels, from cryptographic attacks is widely known. Traditionally, a method of symmetric encryption was used to secure the information between two users. The method of symmetric encryption required creating a single secret key known only to the two users. However, the secrecy was only guaranteed to the extent the two users kept the key secret. Additionally, the method of prior exchange of the key made the system even more cumbersome. To make the system more secure and reliable, the public-key system was introduced.
In a public-key system, also known as the asymmetric or two-key system, each user's key has a public and private component. The public component generates public encryption, while the private component generates private decryption of the encrypted text. This makes the system much more secure, because it is difficult to break an encryption, unless the corresponding private key is also known.
A typical public-key system uses a pseudo-random number generator (PRNG) to generate random numbers through a deterministic process. Consequently, the security of such system is dependent upon having a strong pseudo-random number generation (PRNG) algorithm. A PRNG uses a random internal state and a process called stirring to produce a stream of bits that satisfy various statistical tests of cryptographic randomness. The internal state is initialized with a random value called a seed. The seed must have a high level of entropy to ensure that the stream of bits are sufficiently hard to guess. Existing methods of gathering entropy use information gathered from a local system to seed the PRNG. If the seed gathered from the local system does not have sufficient entropy, an attacker can guess the output of the PRNG with relative ease, and break the system. This is especially true in constrained environments such as the Java Virtual Machine.